Losing a job and struggling with finances have added significant stress to those trying to stay safe during the COVID-19 pandemic. It is no secret that for weeks, state departments administering unemployment compensation have been under fire due to massive backlogs of unprocessed claims. Adding to claimants’ frustrations are a number of security incidents affecting several states’ agencies. We previously reported that the Small Business Administration experienced a breach compromising personal data for thousands of applications for financial assistance. Now we are seeing state level entities experiencing security compromises.

Pandemic Unemployment Assistance (PUA) is unemployment compensation available to self-employed and “gig” workers. In the past several weeks, thousands of workers in several states who applied for PUA received notice that their personal information was possibly exposed to other users. The personal information exposed included social security numbers, addresses, names, and the amount workers were receiving in benefits. Fortunately, at least at this time, there is no evidence personal information was misused and the alerts from the states were preventative.

Such news is hardly uncommon. We have already written on the ways mistakes and the actions of bad actors are affecting the security of personal data. However, this news is particularly painful and tragic as we see individuals already struggling with the hardships of unemployment now having to deal with the added stress and steps required to protect their personal data against misuse.

Times of crisis understandably distract us from the things that routinely keep us safe and operational. Consumers and businesses, alike, need to remain vigilant when it comes to safeguarding personal information, now more than ever. Consumers should take charge of their personal data, whenever possible. Consumers should regularly review accounts for any irregular activity and report such activity immediately. Credit accounts should be frozen to protect against unauthorized access. The process is simple and inexpensive, and often free.

Businesses should regularly audit system activity for irregular activity and take steps to actively upgrade and improve security, especially as new threats emerge. Companies should exercise diligence any time they update company systems with new software to ensure such software does not introduce security vulnerabilities. The bad guys are looking for just one door to be opened, even momentarily. Again, when companies are faced with keeping the lights on and employees employed, it can be understandable that data privacy and security might take a back seat. However, as we have found out, failing to keep privacy and security in focus can only make tough times even worse.